By Topic

Reverse Engineering (WCRE), 2010 17th Working Conference on

Date 13-16 Oct. 2010

Filter Results

Displaying Results 1 - 25 of 53
  • [Front cover]

    Page(s): C1
    Save to Project icon | Request Permissions | PDF file iconPDF (291 KB)  
    Freely Available from IEEE
  • [Title page i]

    Page(s): i
    Save to Project icon | Request Permissions | PDF file iconPDF (30 KB)  
    Freely Available from IEEE
  • [Title page iii]

    Page(s): iii
    Save to Project icon | Request Permissions | PDF file iconPDF (435 KB)  
    Freely Available from IEEE
  • [Copyright notice]

    Page(s): iv
    Save to Project icon | Request Permissions | PDF file iconPDF (108 KB)  
    Freely Available from IEEE
  • Table of contents

    Page(s): v - vii
    Save to Project icon | Request Permissions | PDF file iconPDF (165 KB)  
    Freely Available from IEEE
  • Message from the General Chair

    Page(s): viii
    Save to Project icon | Request Permissions | PDF file iconPDF (930 KB)  
    Freely Available from IEEE
  • Organizing Committee

    Page(s): ix
    Save to Project icon | Request Permissions | PDF file iconPDF (95 KB)  
    Freely Available from IEEE
  • Message from the Program Chairs

    Page(s): x - xi
    Save to Project icon | Request Permissions | PDF file iconPDF (100 KB)  
    Freely Available from IEEE
  • Program Committee

    Page(s): xii
    Save to Project icon | Request Permissions | PDF file iconPDF (73 KB)  
    Freely Available from IEEE
  • Additional reviewers

    Page(s): xiii
    Save to Project icon | Request Permissions | PDF file iconPDF (45 KB)  
    Freely Available from IEEE
  • Keynotes; Stevens Lecture

    Page(s): xiv - xv
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (76 KB)  

    Summary form only given. Amazon.com just is a large e-commerce. This article discusses a talk on some of User Interface Engineering's latest research into the hidden treasures of Amazon. The talk reveals the simple Yes/No question that increased revenues by more than $1 billion; the elegant subtlety of Amazon's security system; why Amazon's business model is more than meets the eye, the wins and losses that Amazon has had with social media functionality. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • WCRE 2000 Most Influential Paper

    Page(s): xvi
    Save to Project icon | Request Permissions | PDF file iconPDF (70 KB)  
    Freely Available from IEEE
  • Normalizing Source Code Vocabulary

    Page(s): 3 - 12
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (272 KB) |  | HTML iconHTML  

    Information Retrieval (IR) based tools complement traditional static and dynamic analysis tools by exploiting the natural language found within a program's text. Tools incorporating IR have tackled problems, such as feature location, that previously required considerable human effort. However, to reap the full benefit of IR-based techniques, the language used across all software artifacts (e.g., requirement and design documents, test plans, as well as the source code) must be consistent. Vocabulary normalization aligns the vocabulary found in source code with that found in other software artifacts. Normalization both splits an identifier into its constituent parts and expands each part into a full dictionary word to match vocabulary in other artifacts. An algorithm for normalization is presented. Its current implementation incorporates a greatly improved splitter that exploits a collection of resources including several dictionaries, frequency distributions derived from the corpus of programs, and co-occurrence data. Empirical study of this new splitter, GenTest, on almost 8000 identifiers finds that it correctly splits 82%, outperforming the current state-of-the-art. A preliminary experiment with the normalization algorithm finds it improving the FLAT ̂ 3 feature locator's scores of relevant code from 0.60 to 0.95 on a scale from 0 to 1. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Studying the Impact of Clones on Software Defects

    Page(s): 13 - 21
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (297 KB) |  | HTML iconHTML  

    There are numerous studies that examine whether or not cloned code is harmful to software systems. Yet, few of them study which characteristics of cloned code in particular lead to software defects. In our work, we use survival analysis to understand the impact of clones on software defects and to determine the characteristics of cloned code that have the highest impact on software defects. Our survival models express the risk of defects in terms of basic predictors inherent to the code (e.g., LOC) and cloning predictors (e.g., number of clone siblings). We perform a case study using two clone detection tools on two large, long-lived systems using survival analysis. We determine that the defect-proneness of cloned methods is specific to the system under study and that more resources should be directed towards methods with a longer 'commit history'. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Mining Source Code for Structural Regularities

    Page(s): 22 - 31
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (311 KB) |  | HTML iconHTML  

    During software development, design rules and contracts in the source code are often encoded through regularities, such as API usage protocols, coding idioms and naming conventions. The structural regularities that govern a program can aid in comprehension and maintenance of the application, but are often implicit or undocumented. Tool support for extracting these regularities from the source code can provide developers useful insights. But building such tool support is not trivial, in particular, because the informal nature of regularities results in frequent deviations and exceptions to these regularities. We propose an automated approach, based on association rule mining, to discover the structural regularities that govern the source code of a software system. We chose this technique because of its resilience to exceptions. In general, tool support for mining regularities tends to discover a huge amount of rules, making interpretation of the results hard and time-consuming. To ease the interpretation, we reduce the results to a minimal canonical form, and group them to obtain a more rational description of the discovered regularities. As an initial feasibility study of our approach, we applied it on two open-source systems, namely Intensive (Smalltalk) and FreeCol (Java). View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • On the Use of Automated Text Summarization Techniques for Summarizing Source Code

    Page(s): 35 - 44
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (186 KB) |  | HTML iconHTML  

    During maintenance developers cannot read the entire code of large systems. They need a way to get a quick understanding of source code entities (such as, classes, methods, packages, etc.), so they can efficiently identify and then focus on the ones related to their task at hand. Sometimes reading just a method header or a class name does not tell enough about its purpose and meaning, while reading the entire implementation takes too long. We study a solution which mitigates the two approaches, i.e., short and accurate textual descriptions that illustrate the software entities without having to read the details of the implementation. We create such descriptions using techniques from automatic text summarization. The paper presents a study that investigates the suitability of various such techniques for generating source code summaries. The results indicate that a combination of text summarization techniques is most appropriate for source code summarization and that developers generally agree with the summaries produced. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Static Analysis for Understanding Shared Objects in Open Concurrent Java Programs

    Page(s): 45 - 54
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (438 KB) |  | HTML iconHTML  

    Concurrent programming with shared memory in an object-oriented language such as Java is notoriously difficult. Therefore, it is important to study new program understanding techniques for concurrent object-oriented languages. This paper studies shared objects in open concurrent Java programs. First, it proposes a classification of shared objects into three categories: central, owned and distributed. Second, it presents a new static analysis that infers central, owned and distributed objects, as well as experiments with the analysis. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Visually Supporting Source Code Changes Integration: The Torch Dashboard

    Page(s): 55 - 64
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (1159 KB) |  | HTML iconHTML  

    Automatic and advanced merging algorithms help programmers to merge their modifications in main development repositories. However, there is little support to help release masters (integrators) to take decisions about the integration of published merged changes into the system release. Most of the time, the release master has to read all the changed code, check the diffs to build an idea of a change, and read unchanged code to understand the context of some changes. Such a task can be overwhelming. In this paper we present a dashboard to support integrators getting an overview of proposed changes in the context of object-oriented programming. Our approach named Torch characterizes changes based on structural information, authors and symbolic information. It mixes text-based diff information with visual representation and metrics characterizing the changes. We describe our experiment applying it to Pharo, a large open-source system, and report on the evaluation of our approach by release masters of several open-source projects. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Understanding Plug-in Test Suites from an Extensibility Perspective

    Page(s): 67 - 76
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (593 KB) |  | HTML iconHTML  

    Plug-in architectures enable developers to build extensible software products. Such products are assembled from plug-ins, and their functionality can be enriched by adding or configuring plug-ins. The plug-ins themselves consist also of multiple plug-ins, and offer dedicated points through which their functionality can be influenced. A well-known example of such an architecture is Eclipse, best known for its use to create a series of extensible IDEs. In order to test systems built from plug-ins developers use extensive automated test suites. Unfortunately, current testing tools offer little insight in which of the many possible combinations of plug-ins and plug-in configurations are actually tested. To remedy this problem, we propose three architectural views that provide an extensibility perspective on plug-in-based systems and their test suites. The views combine static and dynamic information on plug-in dependencies, extension initialization, and extension usage. The views are implemented in ETSE, the Eclipse Plug-in Test Suite Exploration tool. We evaluate the proposed views by analyzing eGit and Mylyn, two open source Eclipse plug-ins. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Immediacy through Interactivity: Online Analysis of Run-time Behavior

    Page(s): 77 - 86
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (351 KB) |  | HTML iconHTML  

    Visualizations of actual run-time data support the comprehension of programs, like examples support the explanation of abstract concepts and principles. Unfortunately, the required run-time analysis is often associated with an inconvenient overhead that renders current tools impractical for frequent use. We propose an interactive approach to collect and present run-time data. An initial shallow analysis provides for immediate access to visualizations of run-time information. As users explore this information, it is incrementally refined on-demand. We present an implementation that realizes our proposed approach and enables developers to instantly explore run-time behavior of selected code entities. We evaluate our interactive approach by measuring time and memory overhead in the context of ten different-sized projects. Our empirical results show that run-time data for an initial overview can be collected in less than 300 milliseconds for 95% of cases. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Extracting Sequence Diagrams from Execution Traces Using Interactive Visualization

    Page(s): 87 - 96
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (2966 KB) |  | HTML iconHTML  

    We present a semi-automated approach for the reverse engineering of UML sequence diagrams. Our approach starts with a set of execution traces that are automatically aligned in order to determine the common behavior. Sequence diagrams are then extracted with an interactive visualization, which allows navigating into execution traces and performing extraction operations. We provide a concrete illustration of our approach with a case study, and show in particular that the resulting diagrams are more meaningful and more compact than those extracted by automated approaches. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Evaluating the Impact of Software Evolution on Software Clustering

    Page(s): 99 - 108
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (354 KB) |  | HTML iconHTML  

    The evolution of a software project is a rich data source for analyzing and improving the software development process. Recently, several research groups have tried to cluster source code artifacts based on information about how the code of a software system evolves. The results of these evolutionary approaches seem promising, but a direct comparison to traditional software clustering approaches based on structural code dependencies is still missing. To fill this gap, we conducted several clustering experiments with an approved software clustering tool comparing and combining the evolutionary and the structural approach. These experiments show that the evolutionary approach could produce meaningful clustering results. But still the traditional approach provides better results because of a more reliable data density of the structural data. Finally, the combination of both approaches is able to improve the overall clustering quality. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Understanding Feature Evolution in a Family of Product Variants

    Page(s): 109 - 118
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (292 KB) |  | HTML iconHTML  

    Existing software product variants, developed by ad hoc reuse such as copy-paste-modify, are often a starting point for building Software Product Line (SPL). Understanding of how features evolved in product variants is a prerequisite to transition from ad hoc to systematic SPL reuse. We propose a method that assists analysts in detecting changes to product features during evolution. We first entail that features and their inter-dependencies for each product variant are documented as product feature model. We then apply model differencing algorithm to identify evolutionary changes that occurred to features of different product variants. We evaluate the effectiveness of our approach on a family of medium-size financial systems. We also investigate the scalability of our approach with synthetic data. The evaluation demonstrates that our approach yields good results and scales to large systems. Our approach enables the subsequent variability analysis and consolidation of product variants in the task of reengineering product variants into SPL. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Blending Conceptual and Evolutionary Couplings to Support Change Impact Analysis in Source Code

    Page(s): 119 - 128
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (459 KB) |  | HTML iconHTML  

    The paper presents an approach that combines conceptual and evolutionary techniques to support change impact analysis in source code. Information Retrieval (IR) is used to derive conceptual couplings from the source code in a single version (release) of a software system. Evolutionary couplings are mined from source code commits. The premise is that such combined methods provide improvements to the accuracy of impact sets. A rigorous empirical assessment on the changes of the open source systems Apache httpd, ArgoUML, iBatis, and KOffice is also reported. The results show that a combination of these two techniques, across several cut points, provides statistically significant improvements in accuracy over either of the two techniques used independently. Improvements in recall values of up to 20% over the conceptual technique in KOffice and up to 45% over the evolutionary technique in iBatis were reported. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Reverse Engineering Self-Modifying Code: Unpacker Extraction

    Page(s): 131 - 140
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (246 KB) |  | HTML iconHTML  

    An important application of binary-level reverse engineering is in reconstructing the internal logic of computer malware. Most malware code is distributed in encrypted (or "packed") form, at runtime, an unpacker routine transforms this to the original executable form of the code, which is then executed. Most of the existing work on analysis of such programs focuses on detecting unpacking and extracting the unpacked code. However, this does not shed any light on the functionality of different portions of the code so obtained, and in particular does not distinguish between code that performs unpacking and code that does not, identifying such functionality can be helpful for reverse engineering the code. This paper describes a technique for identifying and extracting the unpacker code in a self-modifying program. Our algorithm uses offline analysis of a dynamic instruction trace both to identify the point(s) where unpacking occurs and to identify and extract the corresponding unpacker code. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.